Openswan is an IPsec implementation for Linux. Openswan supports the Openswan KLIPS IPsec stack and the Linux NETKEY IPsec stack (kernel configuration with CONFIG_NET_KEY required). For more info about choosing the Kernel IPsec stack see: www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
NOTE: First version 2.6.31 was integrated, but it did not work for an ARM development board. Therefore the latest version integrated in Debian is used instead (2.6.28), including security patches. Signed-off-by: Harro Haan <hrh...@gmail.com> --- .../01-2.6.26-2.6.28-CVE-2010-330x.dpatch | 300 ++++++++++++++++++++ .../02-CVE-2010-330x-patch-regression-fix.dpatch | 33 +++ .../replace-absolute-link-by-relative-link.patch | 22 ++ patches/openswan-2.6.28/series | 3 + rules/openswan.in | 35 +++ rules/openswan.make | 143 ++++++++++ 6 files changed, 536 insertions(+), 0 deletions(-) create mode 100755 patches/openswan-2.6.28/01-2.6.26-2.6.28-CVE-2010-330x.dpatch create mode 100755 patches/openswan-2.6.28/02-CVE-2010-330x-patch-regression-fix.dpatch create mode 100755 patches/openswan-2.6.28/replace-absolute-link-by-relative-link.patch create mode 100755 patches/openswan-2.6.28/series create mode 100755 rules/openswan.in create mode 100755 rules/openswan.make diff --git a/patches/openswan-2.6.28/01-2.6.26-2.6.28-CVE-2010-330x.dpatch b/patches/openswan-2.6.28/01-2.6.26-2.6.28-CVE-2010-330x.dpatch new file mode 100755 index 0000000..f834246 --- /dev/null +++ b/patches/openswan-2.6.28/01-2.6.26-2.6.28-CVE-2010-330x.dpatch 
@@ -0,0 +1,300 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## /tmp/2.6.26-2.6.28-CVE-2010-330x.patch.dpatch by D. Hugh Redelmeier <h...@mimosa.com> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: fdebd +## DP: Author: D. Hugh Redelmeier <h...@mimosa.com> +## DP: +## DP: +## DP: fixes CVE-2010-3302 and CVE-2010-3308 + +...@dpatch@ + +--- + programs/pluto/connections.c | 26 +++++++++-- + programs/pluto/connections.h | 12 +++-- + programs/pluto/kernel.c | 18 ++++++- + programs/pluto/xauth.c | 100 +++++++++++++++++++++++++++++-------------- + 4 files changed, 112 insertions(+), 44 deletions(-) + +Index: openswan-2.6.28/programs/pluto/connections.c +=================================================================== +--- openswan-2.6.28.orig/programs/pluto/connections.c ++++ openswan-2.6.28/programs/pluto/connections.c +@@ -319,6 +319,11 @@ delete_connection(struct connection *c, + set_debugging(old_cur_debugging); + #endif + pfreeany(c->name); ++#ifdef XAUTH ++ pfreeany(c->cisco_dns_info); ++ pfreeany(c->cisco_domain_info); ++ pfreeany(c->cisco_banner); ++#endif + #ifdef DYNAMICDNS + pfreeany(c->dnshostname); + #endif /* DYNAMICDNS */ +@@ -756,6 +761,12 @@ unshare_connection_strings(struct connec + + c->name = clone_str(c->name, "connection name"); + ++#ifdef XAUTH ++ c->cisco_dns_info = clone_str(c->cisco_dns_info, "connection cisco_dns_info"); ++ c->cisco_domain_info = clone_str(c->cisco_domain_info, "connection cisco_domain_info"); ++ c->cisco_banner = clone_str(c->cisco_banner, "connection cisco_banner"); ++#endif ++ + #ifdef DYNAMICDNS + c->dnshostname = clone_str(c->dnshostname, "connection dnshostname"); + #endif /* DYNAMICDNS */ +@@ -1197,7 +1208,17 @@ add_connection(const struct whack_messag + c->name = wm->name; + c->connalias = wm->connalias; + ++#ifdef XAUTH_USEPAM ++ c->pamh = NULL; ++#endif ++ ++#ifdef XAUTH ++ c->cisco_dns_info = NULL; ++ c->cisco_domain_info = NULL; ++ c->cisco_banner = NULL; ++#endif + #ifdef 
DYNAMICDNS ++ c->dnshostname = NULL; + if (wm->dnshostname) + c->dnshostname = wm->dnshostname; + #endif /* DYNAMICDNS */ +@@ -1302,11 +1323,6 @@ add_connection(const struct whack_messag + + /* Cisco interop: remote peer type */ + c->remotepeertype=wm->remotepeertype; +- /* Initializing Cisco dns and domain info */ +- if (c->remotepeertype == CISCO) { +- c->cisco_dns_info[0] ='\0'; +- c->cisco_domain_info[0] ='\0'; +- } + + /* Network Manager support */ + #ifdef HAVE_NM +Index: openswan-2.6.28/programs/pluto/connections.h +=================================================================== +--- openswan-2.6.28.orig/programs/pluto/connections.h ++++ openswan-2.6.28/programs/pluto/connections.h +@@ -259,15 +259,17 @@ struct connection { + #ifdef DYNAMICDNS + char *dnshostname; + #endif /* DYNAMICDNS */ +-#ifdef MODECFG ++#ifdef XAUTH ++# ifdef MODECFG + ip_address modecfg_dns1; + ip_address modecfg_dns2; + ip_address modecfg_wins1; + ip_address modecfg_wins2; +-#endif +- char cisco_dns_info[50]; +- char cisco_domain_info[50]; +- char server_banner[500]; ++# endif ++ char *cisco_dns_info; ++ char *cisco_domain_info; ++ char *cisco_banner; ++#endif /* XAUTH */ + u_int8_t metric; /* metric for tunnel routes */ + #ifdef HAVE_STATSD + u_int32_t statsval; /* track what we have told statsd */ +Index: openswan-2.6.28/programs/pluto/kernel.c +=================================================================== +--- openswan-2.6.28.orig/programs/pluto/kernel.c ++++ openswan-2.6.28/programs/pluto/kernel.c +@@ -421,11 +421,17 @@ fmt_common_shell_out(char *buf, int blen + "PLUTO_STACK='%s' " + "%s " /* possible metric */ + "PLUTO_CONN_POLICY='%s' " +- "%s " /* XAUTH username */ +- "%s " /* PLUTO_MY_SRCIP */ ++#ifdef XAUTH ++ "%s " /* XAUTH username - if any */ ++#endif ++ "%s " /* PLUTO_MY_SRCIP - if any */ ++#ifdef XAUTH ++# ifdef MODECFG + "PLUTO_CISCO_DNS_INFO='%s' " + "PLUTO_CISCO_DOMAIN_INFO='%s' " + "PLUTO_PEER_BANNER='%s' " ++# endif /* MODECFG */ ++#endif /* XAUTH */ + 
#ifdef HAVE_NM + "PLUTO_NM_CONFIGURED='%u' " + #endif +@@ -451,11 +457,17 @@ fmt_common_shell_out(char *buf, int blen + , kernel_ops->kern_name + , metric_str + , prettypolicy(c->policy) ++#ifdef XAUTH + , secure_xauth_username_str ++#endif + , srcip_str ++#ifdef XAUTH ++# ifdef MODECFG + , c->cisco_dns_info + , c->cisco_domain_info +- , c->server_banner ++ , c->cisco_banner ++# endif /* MODECFG */ ++#endif /* XAUTH */ + #ifdef HAVE_NM + , c->nmconfigured + #endif +Index: openswan-2.6.28/programs/pluto/xauth.c +=================================================================== +--- openswan-2.6.28.orig/programs/pluto/xauth.c ++++ openswan-2.6.28/programs/pluto/xauth.c +@@ -39,6 +39,8 @@ + #include <openswan.h> + #include <openswan/ipsec_policy.h> + ++#include "oswalloc.h" ++ + #include "sysdep.h" + #include "oswconf.h" + #include "constants.h" +@@ -912,12 +914,10 @@ int xauth_pam_conv(int num_msg, const st + + reply[count].resp_retcode = 0; + reply[count].resp = string; +- string = NULL; + } + } + + *response = reply; +- reply = NULL; + return PAM_SUCCESS; + } + #endif +@@ -1626,6 +1626,39 @@ modecfg_inI2(struct msg_digest *md) + return STF_OK; + } + ++/* Auxillary function for modecfg_inR1() */ ++static char * ++cisco_stringify(pb_stream *pbs, const char *attr_name) ++{ ++ char strbuf[500]; /* Cisco maximum unknown - arbitrary choice */ ++ size_t len = pbs_left(pbs); ++ ++ if (len > sizeof(strbuf)-1) ++ len = sizeof(strbuf)-1; ++ ++ memcpy(strbuf, pbs->cur, len); ++ strbuf[len] = '\0'; ++ /* ' is poison to the way this string will be used ++ * in system() and hence shell. Remove any. 
++ */ ++ { ++ char *s = strbuf; ++ ++ for (;;) ++ { ++ s = strchr(s, '\''); ++ if (s == NULL) ++ break; ++ *s = '?'; ++ } ++ } ++ (void)sanitize_string(strbuf, sizeof(strbuf)); ++ DBG(DBG_CONTROL, DBG_log("Received Cisco %s: %s", attr_name, strbuf)); ++ return clone_str(strbuf, attr_name); ++} ++ ++ ++ + /** STATE_MODE_CFG_R1: + * HDR*, HASH, ATTR(SET=IP) --> HDR*, HASH, ATTR(ACK,OK) + * +@@ -1639,7 +1672,6 @@ modecfg_inR1(struct msg_digest *md) + pb_stream *attrs = &md->chain[ISAKMP_NEXT_ATTR]->pbs; + int resp = LEMPTY; + struct payload_digest *p; +- bool first_dns_flag = TRUE; + + DBG(DBG_CONTROL, DBG_log("modecfg_inR1")); + openswan_log("received mode cfg reply"); +@@ -1791,14 +1823,30 @@ modecfg_inR1(struct msg_digest *md) + addrtot(&a, 0, caddr, sizeof(caddr)); + openswan_log("Received DNS %s, len=%zd", caddr, strlen(caddr)); + +- if (first_dns_flag) { +- strcpy(st->st_connection->cisco_dns_info, caddr); +- first_dns_flag = 0; +- } +- else { +- strcat(st->st_connection->cisco_dns_info, " "); +- strcat(st->st_connection->cisco_dns_info, caddr); +- } ++ { ++ struct connection *c = st->st_connection; ++ char *old = c->cisco_dns_info; ++ ++ if (old == NULL) ++ { ++ c->cisco_dns_info = clone_str(caddr, "cisco_dns_info"); ++ } ++ else ++ { ++ /* concatenate new IP address string on end of ++ * existing string, separated by ' '. 
++ */ ++ size_t sz_old = strlen(old); ++ size_t sz_added = strlen(caddr) + 1; ++ char *new = alloc_bytes(sz_old + 1 + sz_added, "cisco_dns_info+"); ++ ++ memcpy(new, old, sz_old); ++ *(new + sz_old) =' '; ++ memcpy(new + sz_old + 1, caddr, sz_added); ++ c->cisco_dns_info = new; ++ pfree(old); ++ } ++ } + + DBG_log("Cisco DNS info: %s, len=%zd", st->st_connection->cisco_dns_info, strlen(st->st_connection->cisco_dns_info)); + } +@@ -1812,28 +1860,18 @@ modecfg_inR1(struct msg_digest *md) + break; + + case CISCO_BANNER: +- { +- DBG_dump("Received cisco banner: ", strattr.cur, pbs_left(&strattr)); +- strncpy(st->st_connection->server_banner, strattr.cur, pbs_left(&strattr)); +- st->st_connection->server_banner[pbs_left(&strattr)]='\0'; +- DBG_log("Cisco banner: %s", st->st_connection->server_banner); +- resp |= LELEM(attr.isaat_af_type); +- } +- break; +- ++ { ++ st->st_connection->cisco_banner = cisco_stringify(&strattr,"Cisco Banner"); ++ resp |= LELEM(attr.isaat_af_type); ++ break; ++ } + + case CISCO_DEF_DOMAIN: +- { +- char tmp[50]; +- DBG_dump("Received cisco def domain: ", strattr.cur, pbs_left(&strattr)); +- strncpy(tmp, strattr.cur, pbs_left(&strattr)); +- tmp[pbs_left(&strattr)]='\0'; +- DBG_log("Cisco defined domain: %s", tmp); +- strcpy(st->st_connection->cisco_domain_info, tmp); +- DBG_log("Cisco defined domain: %s", st->st_connection->cisco_domain_info); +- resp |= LELEM(attr.isaat_af_type); +- } +- break; ++ { ++ st->st_connection->cisco_domain_info = cisco_stringify(&strattr,"Cisco Domain"); ++ resp |= LELEM(attr.isaat_af_type); ++ break; ++ } + + case CISCO_SPLIT_INC: + { diff --git a/patches/openswan-2.6.28/02-CVE-2010-330x-patch-regression-fix.dpatch b/patches/openswan-2.6.28/02-CVE-2010-330x-patch-regression-fix.dpatch new file mode 100755 index 0000000..d223392 --- /dev/null +++ b/patches/openswan-2.6.28/02-CVE-2010-330x-patch-regression-fix.dpatch 
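Review bot: In the CISCO_BANNER and CISCO_DEF_DOMAIN cases of modecfg_inR1 the string returned by the new `cisco_stringify()` is assigned straight over `cisco_banner` / `cisco_domain_info`, so a MODECFG reply that carries the attribute more than once (or, presumably, a later exchange on the same connection) leaks the earlier heap allocation; the DNS case in the same hunk frees `old` before replacing it, these two cases do not, and since the peer controls how often the attribute appears this is remote-driven memory growth. Freeing first keeps the three fields consistent: `pfreeany(st->st_connection->cisco_banner);` before the banner assignment and `pfreeany(st->st_connection->cisco_domain_info);` before the domain one. modecfg_inR1 starts and ends outside the hunk, and since 01 is a vendored Debian dpatch the change belongs in a follow-up dpatch in the same series, as 02 already does for kernel.c.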
@@ -0,0 +1,33 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/CVE-2010-330x-patch-regression-fix.patch.dpatch by Paul Wouters <p...@xelerance.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fdebd
+## DP: Author: Paul Wouters <p...@xelerance.com>
+## DP:
+## DP:
+## DP: fixes regression introduced by previous security fix
+
+...@dpatch@
+
+---
+ programs/pluto/kernel.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: openswan-2.6.28/programs/pluto/kernel.c
+===================================================================
+--- openswan-2.6.28.orig/programs/pluto/kernel.c
++++ openswan-2.6.28/programs/pluto/kernel.c
+@@ -463,9 +463,9 @@ fmt_common_shell_out(char *buf, int blen
+ , srcip_str
+ #ifdef XAUTH
+ # ifdef MODECFG
+- , c->cisco_dns_info
+- , c->cisco_domain_info
+- , c->cisco_banner
++ , c->cisco_dns_info ? c->cisco_dns_info : ""
++ , c->cisco_domain_info ? c->cisco_domain_info : ""
++ , c->cisco_banner ? c->cisco_banner : ""
+ # endif /* MODECFG */
+ #endif /* XAUTH */
+ #ifdef HAVE_NM
diff --git a/patches/openswan-2.6.28/replace-absolute-link-by-relative-link.patch b/patches/openswan-2.6.28/replace-absolute-link-by-relative-link.patch
new file mode 100755
index 0000000..e2c872a
--- /dev/null
+++ b/patches/openswan-2.6.28/replace-absolute-link-by-relative-link.patch
@@ -0,0 +1,22 @@
+Replace an absolute link by a relative link.
+
+Needed for cross compilation.
+
+Signed-off-by: Harro Haan <hrh...@gmail.com>
+---
+ programs/setup/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openswan-2.6.28/programs/setup/Makefile
+===================================================================
+--- openswan-2.6.28.orig/programs/setup/Makefile
++++ openswan-2.6.28/programs/setup/Makefile
+@@ -32,7 +32,7 @@ include ${srcdir}../Makefile.program
+ doinstall:: setup
+ @rm -f $(BINDIR)/setup
+ @$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+- @ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
++ @cd $(BINDIR) && ln -s ../../../$(INC_RCDEFAULT)/ipsec setup
+ -...@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+ -...@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+ -...@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
diff --git a/patches/openswan-2.6.28/series b/patches/openswan-2.6.28/series
new file mode 100755
index 0000000..6294045
--- /dev/null
+++ b/patches/openswan-2.6.28/series
@@ -0,0 +1,3 @@
+01-2.6.26-2.6.28-CVE-2010-330x.dpatch
+02-CVE-2010-330x-patch-regression-fix.dpatch
+replace-absolute-link-by-relative-link.patch
diff --git a/rules/openswan.in b/rules/openswan.in
new file mode 100755
index 0000000..363d4c3
--- /dev/null
+++ b/rules/openswan.in
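Review bot: The new `ln -s ../../../$(INC_RCDEFAULT)/ipsec setup` hard-codes three parent levels, so the link only resolves when `$(BINDIR)` sits exactly three directories below the root that `$(INC_RCDEFAULT)` is relative to; with the `INC_RCDEFAULT=/etc/init.d` that openswan.make passes the target also keeps its leading slash (`../../..//etc/init.d/ipsec`), which works but is an accident of the layout, and a different `INC_USRLOCAL` or `BINDIR` would leave a dangling link without any build error. The assumption is worth stating in the patch description, e.g. `Assumes BINDIR is three levels below / (presumably /usr/lib/ipsec on this target); adjust the ../ count if the install prefix changes.`. The `doinstall` target continues outside the hunk.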
@@ -0,0 +1,35 @@
+## SECTION=networking
+
+config OPENSWAN
+ tristate
+ prompt "openswan"
+ select LIBGMP
+ select BUSYBOX_AWK
+ select IPROUTE2
+ select IPTABLES
+ select BUSYBOX_LOGGER
+ select CROSS_DUMMY_STRIP
+ select KERNEL if OPENSWAN_KLIPS_MODULE
+ select OPENSSL if OPENSWAN_HAVE_OCF
+ help
+ Openswan is an IPsec implementation for Linux. Openswan supports the
+ Openswan KLIPS IPsec stack and the Linux NETKEY IPsec stack (kernel
+ configuration with CONFIG_NET_KEY required). For more info about
+ choosing the Kernel IPsec stack see:
+ www.installationwiki.org/Openswan#Choosing_the_Kernel_IPsec_Stack
+
+config OPENSWAN_KLIPS_MODULE
+ bool "KLIPS kernel module"
+ default n
+ depends on OPENSWAN
+ help
+ Compile and install Openswan KLIPS kernel module.
+
+config OPENSWAN_HAVE_OCF
+ bool "use OCF-Linux"
+ default n
+ depends on OPENSWAN
+ help
+ Use OCF-Linux to make use of asynchronous HW/SW crypto acceleration.
+ Patched Linux kernel required. For more info see:
+ http://ocf-linux.sourceforge.net/
diff --git a/rules/openswan.make b/rules/openswan.make
new file mode 100755
index 0000000..1e2b34e
--- /dev/null
+++ b/rules/openswan.make
@@ -0,0 +1,143 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2010 by Harro Haan <hrh...@gmail.com>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_OPENSWAN) += openswan
+
+#
+# Paths and names
+#
+OPENSWAN_VERSION := 2.6.28
+OPENSWAN := openswan-$(OPENSWAN_VERSION)
+OPENSWAN_SUFFIX := tar.gz
+OPENSWAN_URL := http://www.openswan.org/download/$(OPENSWAN).$(OPENSWAN_SUFFIX)
+OPENSWAN_SOURCE := $(SRCDIR)/$(OPENSWAN).$(OPENSWAN_SUFFIX)
+OPENSWAN_DIR := $(BUILDDIR)/$(OPENSWAN)
+OPENSWAN_LICENSE := GPLv2,BSD,RSADSI
+
+ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
+$(STATEDIR)/kernel.targetinstall.post: $(STATEDIR)/openswan.targetinstall
+endif
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/openswan.prepare:
+ @$(call targetinfo)
+ifdef PTXCONF_OPENSWAN_HAVE_OCF
+ @( \
+ echo "#ifndef CONFIG_KLIPS_OCF"; \
+ echo "#define CONFIG_KLIPS_OCF 1"; \
+ echo "#endif"; \
+ ) >> $(OPENSWAN_DIR)/packaging/linus/config-all.h
+endif
+ @$(call touch)
+
+# ----------------------------------------------------------------------------
+# Compile
+# ----------------------------------------------------------------------------
+
+ifdef PTXCONF_OPENSWAN_HAVE_OCF
+OPENSWAN_OCF := HAVE_OCF=true HAVE_OPENSSL=true CONFIG_KLIPS_OCF=y
+else
+OPENSWAN_OCF :=
+endif
+
+# settings are based on openswan-2.6.31/CROSSCOMPILE.sh
+OPENSWAN_CROSS := KERNELSRC=$(KERNEL_DIR) \
+ DESTDIR=$(OPENSWAN_PKGDIR) \
+ INC_USRLOCAL=/usr \
+ INC_RCDEFAULT=/etc/init.d \
+ ARCH=$(PTXCONF_KERNEL_ARCH_STRING) \
+ $(CROSS_ENV_PROGS) \
+ LD_LIBRARY_PATH=\"$(PTXDIST_SYSROOT_TARGET)/usr/lib \" \
+ PATH=$(CROSS_PATH) \
+ USERCOMPILE=\"-O2 -g $(CROSS_CPPFLAGS) $(CROSS_LDFLAGS) \" \
+ USERCOMPILE+=\"-DGCC_LINT -Dlinux -D__linux__ \" \
+ WERROR=' ' \
+ $(OPENSWAN_OCF)
+
+$(STATEDIR)/openswan.compile:
+ @$(call targetinfo)
+ @$(call compile, OPENSWAN, programs $(OPENSWAN_CROSS))
+
+ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
+ @$(call compile, OPENSWAN, module $(OPENSWAN_CROSS))
+
+ $(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
+ -C $(KERNEL_DIR) \
+ M=$(OPENSWAN_DIR)/modobj26 \
+ OPENSWANSRCDIR=$(OPENSWAN_DIR) $(OPENSWAN_OCF) \
+ modules
+endif
+ @$(call touch)
+
+# ----------------------------------------------------------------------------
+# Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/openswan.install:
+ @$(call targetinfo)
+ @$(call compile, OPENSWAN, install $(OPENSWAN_CROSS))
+
+ @# remove *.old files, but do not strip here by using dummy-strip.sh
+ @$(call compile, OPENSWAN, ipkg_strip $(OPENSWAN_CROSS) \
+ STRIP=$(PTXCONF_SYSROOT_CROSS)/bin/strip)
+
+ @$(call touch)
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/openswan.targetinstall:
+ @$(call targetinfo)
+ifdef PTXCONF_OPENSWAN_KLIPS_MODULE
+ $(KERNEL_PATH) $(KERNEL_ENV) $(MAKE) $(KERNEL_MAKEVARS) \
+ -C $(KERNEL_DIR) \
+ M=$(OPENSWAN_DIR)/modobj26 \
+ modules_install
+endif
+
+ @$(call install_init, openswan)
+ @$(call install_fixup, openswan,PRIORITY,optional)
+ @$(call install_fixup, openswan,SECTION,base)
+ @$(call install_fixup, openswan,AUTHOR,"Harro Haan <hrh...@gmail.com>")
+ @$(call install_fixup, openswan,DESCRIPTION,missing)
+
+ @$(call install_tree, openswan, 0, 0, \
+ $(OPENSWAN_PKGDIR)/etc/ipsec.d/policies/, \
+ /etc/ipsec.d/policies/)
+
+ @$(call install_copy, openswan, 0, 0, 0755, -, \
+ /etc/init.d/ipsec)
+
+ @$(call install_copy, openswan, 0, 0, 0644, -, \
+ /etc/ipsec.conf)
+
+ @$(call install_tree, openswan, 0, 0, \
+ $(OPENSWAN_PKGDIR)/usr/lib/ipsec/, \
+ /usr/lib/ipsec/)
+
+ @$(call install_tree, openswan, 0, 0, \
+ $(OPENSWAN_PKGDIR)/usr/libexec/ipsec, \
+ /usr/libexec/ipsec)
+
+ @$(call install_copy, openswan, 0, 0, 0755, -, \
+ /usr/sbin/ipsec)
+
+ @$(call install_finish, openswan)
+
+ @$(call touch)
+
+# vim: syntax=make
--
1.7.0.4
--
ptxdist mailing list
ptxdist@pengutronix.de
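Review bot: `OPENSWAN_URL` fetches the release tarball over plain http and the rule defines no `OPENSWAN_MD5`, so nothing checks the downloaded archive against a known digest and a tampered or corrupted tarball would be unpacked, patched and shipped without any error; add `OPENSWAN_MD5 := <md5 of openswan-2.6.28.tar.gz from a trusted copy>` (placeholder) next to `OPENSWAN_VERSION` so PTXdist verifies the download. `install_fixup, openswan,DESCRIPTION,missing` leaves a literal placeholder in the package metadata — the first sentence of the help text in openswan.in would do. In `openswan.prepare` the `>>` append to `config-all.h` runs again on every re-prepare; the `#ifndef` guard makes the duplicates harmless, but a `grep -q CONFIG_KLIPS_OCF` before appending would keep the file clean.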